Modern law firms generate a ton of data. Customer contact information, leads and transactions are just a few examples. And of course they need a place to store all of that data, which has been the main reason for widespread cloud adoption.
As of early 2016, “88 percent of businesses were using public cloud technology and 63 percent were using private cloud.”
While this certainly makes things more efficient and allows you to store your data in a centralized, digital location, it can also create some major security concerns. With nearly 179 million records being exposed in the US in 2017 alone, it’s something your law firm should take seriously.
So before you choose a platform, you’ll want to look for the following in cloud provider security.
The first thing to find out is what the provider’s commitment to security is like. Do they place a huge emphasis on security? Or is it merely an afterthought?
Oracle explains, “The vendor should be able to make clear commitments about what controls are in place, where the data resides, who is managing the underlying technology and other responsibilities it will assume as custodian of the data.”
You should be able to get a feel for what their transparency level is by looking at the “security” section of their site and reading the details. If you can’t find one, you’ll likely want to choose another provider.
There are multiple law and regulations in place to control data transmission and storage. Some examples include the PCI DSS, HIPAA and ISO 27001.
Any reputable vendor will have compliance certifications such as these. This shows that security is a top priority and that they’re diligent about keeping their data secure.
Up-to-Date Encryption Technology
Encryption is one of the primary ways that cloud providers keep data out of the hands of unwanted third-parties. And the sophistication of encryption can vary significantly.
Advanced Encryption Standard (AES) is one of the most secure and is typically what you’ll want to look for in cloud provider security.
You could make the argument that physical security is equally as important as digital. If an intruder is able to gain access to a data center, your law firm’s security is instantly compromised.
Ideally, you’ll choose a provider that has robust on-site security including biometrics access, multi-factor authentication and extensive surveillance cameras. Beyond that, they should have some measure in place to protect their servers against fire, water and natural disaster.
Finally, it’s a good idea to see if a cloud provider has been linked to any previous data breaches. Usually a quick Google search will tell you everything you need to know, and you can see if there are any red flags. If it happened before, it can happen again, so it’s best to avoid companies who have had any prior issues.
Whenever your law firm stores data on the cloud, you’re entrusting the vendor with your most sensitive information. So you obviously don’t want to go with just anyone. They should be meticulous about digital security and take exhaustive efforts to keep your data safe.